At some point in the last 10 days the local security policy on this W2k server got hosed up and now I can not log on to the server. I tried the Administrator account, a different Domain Admin account, my personal account which is an administrator account and a user account. None of them can log on interactively.

I verified in the Default Domain Group Policy that the local logon allows the Domain Users group the ability to log on interactively on the domain. You can see the server on the network and you can connect to it from Dameware, RDP and an MMC shell.

I can not log on to the local server either which is sort of weird. We have determined that the server is receiving Group Policy Updates and is communicating with AD on the domain.

I have a replacement server coming for this box in the next 7 days but I will still need to be able to demote this server from a DC to a member server before I decommission it.

Thanks for the quick responses my friends. The problem is that I can NOT log on to the server at all. I can connect to the Dameware mini remote control daemon that is running on the box and see the console but I can not log on. I can also connect via RDP but I can not log on. How can I fix the problem with no access to the server itself? As I said earlier, the server is receiving GPO updates and it is communicating with AD; it is just not allowing an interactive logon.

I misunderstood and thought you indicated that you could log in through RDP, but not locally.

You should be able to install the domain admin tools from Microsoft or your install CDs on your local workstation. Then you should be able to modify the policy affecting who's allowed to log in interactively to the server.

Then remotely reboot the server from the command line and you should be in business.

The only real difference is that you'll be making the changes from a workstation instead of a DC.

Ok, none of that worked and the secedit /refreshpolicy machine_policy /enforce did not work and gave me errors on the W23k domain controller. I can edit and change the GPO settings on the servers that I have access to all day long. The problem is I do not have access to my W2k server to make changes to the policy. How can I force changes on the server that I can not get to? I can connect to that server through computer management MMC on my computer or on the server but it does not show me how to connect to the local security policies on that W2k server. Does any of what I am saying make sense? LOL... Please forgive me if I am appearing to be dense... I am really trying and I need to get control of this server so I can demote it when the replacement server gets here next week. Sorry to be such a pain...

Ok, guess what, I did get in to that W2k server. I went to one of my W23k servers and did the steps stated above. I ran gpupdate /force and rebooted that server. Once I did that I guess it must have updated the local security policy on the W2k server and then I was able to log on interactively. Whew, thanks.
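
Added example, not part of the original thread or any poster's code: a sketch of why checking one GPO can be misleading when diagnosing "Log on locally". User-rights assignments are not merged across GPOs; the last GPO applied that defines a right replaces the whole list. The template fragments and the function names below are constructed for illustration.

```python
import configparser

# Constructed GptTmpl.inf-style fragments, listed in the order Group Policy
# applies them: the domain-linked GPO first, then the GPO linked to the OU
# that holds the server. Well-known SIDs: S-1-5-32-544 = Administrators,
# S-1-5-32-545 = Users, S-1-5-32-551 = Backup Operators.
DOMAIN_GPO = """
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
"""
OU_GPO = """
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-551
"""

def privilege_rights(inf_text):
    """Return {right: set of SIDs} from a template's [Privilege Rights] section."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.optionxform = str  # keep the case of right names
    parser.read_string(inf_text)
    if not parser.has_section("Privilege Rights"):
        return {}
    return {
        name: {sid.strip().lstrip("*") for sid in value.split(",") if sid.strip()}
        for name, value in parser.items("Privilege Rights")
    }

def effective_rights(templates_in_apply_order):
    """Later templates replace, not extend, any right they define."""
    effective = {}
    for inf_text in templates_in_apply_order:
        effective.update(privilege_rights(inf_text))
    return effective

def can_log_on_locally(effective, token_sids):
    """Allowed if the token holds an allowed SID and no denied SID.

    Assumption: the templates passed in cover every policy that defines
    these rights; a right no template defines is treated as granted to nobody.
    """
    allowed = effective.get("SeInteractiveLogonRight", set())
    denied = effective.get("SeDenyInteractiveLogonRight", set())
    token = set(token_sids)
    return bool(token & allowed) and not (token & denied)

if __name__ == "__main__":
    rights = effective_rights([DOMAIN_GPO, OU_GPO])
    print(rights["SeInteractiveLogonRight"])
    print(can_log_on_locally(rights, ["S-1-5-32-544"]))
```

With both templates applied, the domain-level list that includes Administrators and Users no longer counts, because the OU-level GPO redefines the same right.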
